Compliance and Privacy News
complianceandprivacy.com is full of news and views of on Compliance, Privacy and surrounding legislation in the global marketplace from a European perspective

• Dam Data Leakage at Source - a Wick Hill view
  
  • Computer networks have become increasingly open and accessible by more and more users. Huge growth in the use of mobile, wireless and remote computing
  • These changes in computer networks have left confidential data at risk of being seen by those unauthorised to view it.
  • Those wanting to view data without permission include employees and those outside an organisation. The motive may be non-malicious, or malicious, or criminal.
  • Laptops are particularly vulnerable to data loss or theft, with laptop losses reported ever more frequently.
  • Losing data damages a company's reputation, puts them in breach of the Data Protection Act and may by very costly, including the possibility of being fined.
  • If sensitive information, such as financial details, is lost, it may leave customers or staff exposed to identify theft.
  • Currently, the protection of data is mainly inadequate. Because of the rapidly changing structure of computer networks, companies should review the way they protect the security of data.
  • The highest risk areas for losing data are through email, through remote access and through laptop use.
  • Encryption is the best way to secure data. It is now both easy-to-use and low cost.
  • Encryption technology is now moving towards Unified Encryption Management (UEM), which means that encryption is centrally managed throughout an organisation, including for office based systems, mobile and remote access.
• UK Information Commissioner does not regulate BlueSpam after all!
  Following discussions with the Department of Business, Enterprise and Regulatory Reform and others the Information Commissioner’s Office has amended its guidance on the Privacy and Electronic Communications Regulations 2003. The guidance previously stated that marketing messages sent using Bluetooth technology would be subject to PECR rules relating to the sending of unsolicited marketing.
• IPv6 - Risks & Ramifications of a Potential Disruptor - Book your Webcast place
  While the various modifications and improvements to IPv4 have served the Internet well, these stop gaps can only go so far. Fortunately, IPv6 is finally maturing and provides some much needed functionality that will undoubtedly facilitate growth and innovation. Now that more products include IPv6 functionality, the technology is slowly becoming a reality. While this is a slow process, it will be moved along with the US Government's mandate that organizations implement IPv6 by 2008; the mandate even includes organizations that do not have external factors forcing an upgrade.
  
  While delaying deployment may lead to missed opportunities, completely disregarding the technology can have serious security ramifications. Most networks are partially IPv6-capable whether or not network managers are aware of it, and IPv4 networks left unprepared are vulnerable to attackers. So, for those considering upgrading to IPv6, there are a number of issues to consider before taking the plunge. Organizations must remember that platform upgrades of this scale will cause disruptions. In addition, an upgrade could cause confusion, resulting in security holes that attackers will certainly try to exploit. These are just some of the issues network managers and implementation specialists must consider, which makes it imperative they have a solid understanding of this new protocol. From a strategic standpoint, IPv6 facilitates a paradigm shift toward increasingly distributed, end-to-end communications, changing the threat landscape and requiring similarly distributed security. This report provides an overview of IPv6 and discusses the risks associated with its implementation.
• Predicting Disruptive Technologies over the next 5 years - Webcast replay
  Disruptors, understood as radical shifts in technological or behavioral trend-line trajectories, are considered "disruptive" largely because they are unforeseeable or else, if somewhat foreseeable, cannot be modeled precisely enough to facilitate control over the process. With this in mind this report analyses numerous and varied potential disruptors, some of which may never come to fruition. Thus, each section explicitly acknowledges the level of confidence with which analysts estimate each disruptor's potential impact; some will be almost sure to occur, others less likely and still others of uncertain likelihood. In this way, decision makers can allocate resources according not only to the potential impact, but also considering the likelihood of its occurrence.
• Uncovering Online Fraud Rings: The Russian Business Network - Webcast Replay
  The Russian Business Network (RBN) developed into its current incarnation as "the baddest of the bad" Internet service provider (ISP) in June 2006. Before then, much of the malicious code currently hosted on RBN servers was located on the IP block of another St. Petersburg ISP, the now-defunct ValueDot. Like ValueDot before it, but unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. VeriSign iDefense research identified phishing, malicious code, botnet command-and-control (C&C), and denial of service (DoS) attacks on every single server owned and operated by RBN.
• Motives, Methods and Mitigation of Insider Threats - Webcast Replay
  Although security plans are usually designed to look outward to mitigate threats and attacks from the Internet, they often fail to address the more likely attack vector - the malicious insider. This report examines the anatomy of the insider threat - what makes the malicious insider tick, how they often hit and what organizations can do to prevent damage or loss. A heavy focus upon the impact to financial and retail organizations is included in this research.
• Flash mobs - the next online threat
  Estonia has one of the most technologically advanced populations in Europe. Events in the last few months, though, have perhaps given the rest of Europe a taste of what might be the next real threat on the internet, flash mobbing.
  
  Flash mobbing is where a group of people meet online to coordinate attacks on an organisation either by their physical presence (such as everyone turning up at one furniture shop) or online. Common attacks include sending emails to the same website at the same time or using the website for mass queries with the aim of taking the server down.
  
  Flash mobbing has been headline news in Estonia as its government uses technology extensively, for example allowing widespread use of e-voting in the last elections. The government's servers were attacked in the summer by a flash mob thought to have had connections with neighbouring Russia.
• Thales's Mobile VPN Solution Secures the Use of Public Wireless Networks
  Thales, a leading supplier of IT security products and solutions for all critical infrastructures , today (4 October 2007) announced a new version of its SafeMove Mobile VPN solution incorporating an innovative Hotspot Login Assistant. The enhancement makes untrusted public networks easier and much safer for users who require remote access to corporate networks. The Hotspot Login Assistant feature makes Thales's SafeMove the leading remote access solution, truly addressing all security dimensions, including critical human factor issues.
  
  According to the latest figures from the Office of National Statistics, the number of people in the UK who work mainly from home doubled between 1997 and 2005 to 2.4 million workers. Supporting the desire for increasing levels of flexibility, the number of workers using multiple locations experienced the strongest growth, accounting for 6 per cent of all workers in 2005. These statistics reflect a worldwide trend that supports the need for advanced security solutions, such as SafeMove, to safeguard the information of companies and individuals wishing to access private data and applications from a variety of locations.
• Full archive of Privacy Laws and Business UK Newsletters
  By kind permission of Privacy Laws and Business, ComplianceAndPrivacy.com is able to bring you the United Kingdom Newsletter Archive, up to the end of June 2007. New items will be announced individually
• Full archive of Privacy Laws and Business International Newsletters
  By kind permission of Privacy Laws and Business, ComplianceAndPrivacy.com is able to bring you the International Newsletter Archive, up to the end of June 2007. New items will be announced individually
• PL&B International E-news, Issue 57
  
  • The Art. 29 Data Protection Working Party discusse